COMPETITOR INTELLIGENCE

Lexology PRO

Power up your legal research with modern workflow tools, AI conceptual search and premium content sets that leverage Lexology's archive of 900,000+ articles contributed by the world's leading law firms.

Belgian Privacy Commission publishes decision on “SWIFT case”

On December 9, 2008, following an extensive two-year review of SWIFT’s messaging service, the Belgian Privacy Commission (DPA) concluded that SWIFT had fully complied with Belgian data protection law. While the Article 29 Working Party and the DPA had previously determined that SWIFT was acting as a co-controller, the DPA, introducing a new concept in data protection law, decided that SWIFT is mainly acting as a mandate (délégué de fait) for the financial community. The financial community and the banks are therefore the data controllers and are liable for compliance with most data protection rules. The DPA consider SWIFT as a data controller for the processing of data for extraction and anonymization of non-identifying data for statistical and analytical purposes. In addition, the DPA decided that Belgian law applies when assessing the data transfers and the level of data protection of the country to which the data is transferred. However, further processing of data physically located in the US (e.g., onward transfer of data to the UST) is subject to only US law. Finally, a series of voluntary measures taken by SWIFT to improve the protection of personal data were also decisive. The full text of the Belgian DPA’s decision (in French) is available here.

"Lexology is a good barometer of a firm's expertise as the articles showcase a firm's understanding of the issues involved and how up to date their knowledge is. It's a good one stop solution where one is able to view the same law/cases from different perspectives; on the whole I would rate Lexology as a good service."